Remote Access for Critical Infrastructure

06.12.2013 Jordan West
cloud_security_blog

Are you prepared for when things go wrong?

No activities are undertaken in the absence of risk. Effective measures for minimising risk are essential to ensure minimal disruption to operations if an unexpected event occurs. In the past, ensuring continuity of service meant either maintaining an in-house capability or finding contractors to attend at short notice. Not everybody can justify the need or cost for a full-time on-site engineering team to be on standby. Trying to secure the services of a suitably qualified contractor at a moment’s notice can be a risky and expensive exercise, particularly in remote locations. With some forward planning and appropriate infrastructure, many issues can often be diagnosed remotely, significantly reducing the cost and trouble of accessing appropriate engineering expertise.

Some tasks will always require an onsite presence to resolve. Whilst it is not possible to have someone remotely replace a broken gearbox, it is possible to provide support to an untrained operator to achieve a suitable outcome.  For example, trained pilots have helped talk unqualified civilians through landing airliners.  Where possible, it is preferable to have the trained operator perform the task without an intermediary – such as the trained pilot landing the aircraft remotely over a data link.  These two methods form the basis for remote support. 

In a complex plant environment, understanding the problem, then devising and explaining a solution remotely, can be a tough task. Technological advances in modern control systems and the proliferation of high-speed data links now allow remote operators to interact directly with the affected plant. A remote desktop, TeamViewer, Skype or equivalent connection to a suitably enabled computer can give an engineer an environment similar to the one they would experience in an onsite control room. Problems can be immediately identified and solutions enacted without the possibility of miscommunication.

Many organisations are, however, unwilling to allow this type of remote access to their plant, citing the risk of unauthorised access through this channel. Whilst these risks are always present, with the appropriate measures they can be reduced to lower than those presented by a disaffected staff member. The NSA may have had impenetrable security, but it only took one guy on the inside – Edward Snowden – to spill all their secrets. Good internal practices are an essential first step in ensuring your security before anyone connects to a computer.

Effectively reducing the risks associated with allowing external access to equipment can be achieved by employing the following precautions:

Use a single, physical connection for remote access

There should be a single, easily removable connection between the on-site diagnostic PC and the outside world (i.e. the Internet). This reduces complexity and allows for a traceable connection. A USB 3G data modem works well for this.

Keep the connection disabled except when needed

Disabling a connection unless required significantly reduces the risk of the connection being discovered and compromised. This means that the connection to the outside world should remain physically disconnected at all times, except in the rare case that remote access is required.

Use one-time passwords and two-factor identification

Beyond physical disconnection, there are other means of keeping the connection disabled unless you are sure of the identity of the person on the other end. One-time passwords and two-factor identification are both effective for this purpose.

Encrypt all traffic

Ensure any software that is being used for remote access provides full end-to-end encryption, preventing eavesdroppers from spying on or intercepting the traffic, even if the connection has been discovered.

Review general security measures for network-connected computers

Consider the risks of having any computer connected to the outside world and take the usual precautions. These include:

  • Enact very strict firewall rules – allowing only outgoing access to the remote services required and blocking all other traffic. General internet surfing and email access should not be available.
  • Keep anti-virus software up to date.
  • Password protect access to all subsystems – SCADA displays, PC logins, etc.
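An added example for the firewall precaution above (not part of the original article): a check that replays firewall log lines against the intended "outgoing to the required remote service only" policy and reports every connection that was allowed outside it. The log format, the addresses (documentation ranges) and the single allowed destination are constructed assumptions.

```python
import ipaddress

# Assumed policy: the only permitted flow is outbound TCP 443 to the remote
# support service. 203.0.113.16/28 is a documentation-range placeholder.
ALLOWED_EGRESS = [(ipaddress.ip_network("203.0.113.16/28"), "tcp", 443)]

# Constructed log lines in a made-up format:
# time direction proto source destination:port action
SAMPLE_LOG = """\
2013-12-06T09:14:02 OUT tcp 10.0.5.20 203.0.113.20:443 ALLOW
2013-12-06T09:14:09 OUT udp 10.0.5.20 198.51.100.53:53 ALLOW
2013-12-06T09:15:41 OUT tcp 10.0.5.20 198.51.100.80:80 DROP
2013-12-06T09:16:30 IN tcp 192.0.2.77 10.0.5.20:3389 ALLOW
2013-12-06T09:17:12 OUT tcp 10.0.5.20 203.0.113.200:443 ALLOW
"""


def permitted(direction: str, proto: str, host: str, port: int) -> bool:
    if direction != "OUT":
        return False                # the policy allows outgoing access only
    addr = ipaddress.ip_address(host)
    return any(addr in net and proto == p and port == pt
               for net, p, pt in ALLOWED_EGRESS)


def audit(log_text: str) -> list:
    """Return (line number, reason) for every ALLOW the policy does not cover."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            _, direction, proto, _, dest, action = line.split()
            host, _, port = dest.rpartition(":")
            ok = permitted(direction, proto, host, int(port))
        except ValueError:
            findings.append((n, "unparseable line"))
            continue
        if action == "ALLOW" and not ok:
            findings.append((n, f"{direction} {proto} {dest} allowed outside policy"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```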

Modern technology provides a great number of tools – and remote access is possibly one of the best. With proper security measures in place, remote support can be achieved with a lower risk profile than your existing operations. The flexibility it affords can allow previously impossible operational circumstances to become a reality – timely response in abnormal situations need not require a costly in-house engineering team; recovery from problems can be achieved in minutes without travel delays. These are just two reasons to re-assess your current policies regarding remote access to ensure that your critical infrastructure is well prepared to face the unexpected.
